I think anything large-scale, as in viruses on Facebook or spearphishing, is done by organized crime...

or wait

maybe I misinterpret Crafty's suggestion.. should we put regular crime such as the above article in this thread? I kind of like how this thread is separate where we can read about the cyber war outside of our personal space. I think guarding your "personal cyberspace" at home and on your personal devices may be worthy of a separate thread for personal awareness. There are times I post general awareness information such as Mistakes People Make that Lead to Security Breaches http://www.sans.org/security-resources/mistakes.php?ref=3816 in the "Security, Surveillance issues" thread in the Martial Arts topics.

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

I hereby delegate to you the authority to take the lead on this. Start new threads if you wish. Name them. If you want me to modify the names of existing threads, please let me know what you have in mind.

Agree. As I gave out my birth date, SS no. and other details multiple times today, it is hard to say anymore what is private. How could anyone diagnose a knee without a social security number, birth date, driver's license, employer and next of kin? I would like them to quit requiring my information rather than to add layers of officers, lawyers, costs and red tape to protect it. All you would need is a Radio Shack recording device on one appointment phone line for one day to steal dozens of identities before they ever got into the system for encryption.

What ever became of the credit card numbers lost by Stratfor? My feeling there was that they learned their lesson, admitted not taking good enough precautions and won't let it happen again. Would a federal law enabling civil (or criminal) penalties be helpful in that instance?

"A major cyber attack is currently under way aimed squarely at computer networks belonging to US natural gas pipeline companies, according to alerts issued to the industry by the US Department of Homeland Security.

At least three confidential "amber" alerts – the second most sensitive next to "red" – were issued by DHS beginning March 29, all warning of a "gas pipeline sector cyber intrusion campaign" against multiple pipeline companies. But the wave of cyber attacks, which apparently began four months ago – and may also affect Canadian natural gas pipeline companies – is continuing."

Cybersecurity legislation supported by the likes of Senators Joe Lieberman of Connecticut and Susan Collins of Maine would create a regulatory environment that essentially would require businesses to pick up the majority of the cost for defending against ever increasing threats.

A great deal of cyber espionage is directed at private companies who have a wealth of sensitive information and intellectual property worth tens of billions to foreign governments and represents a national security issue both militarily and economically.

"Let's fast forward to the 21st century. We're an information-based society now. Information is everything. That makes you, as company executives, the front line — not the support mechanism, the front line," said U.S. counterintelligence official Frank Montoya.

The question is, who should ultimately be responsible for picking up the tremendous costs involved with securing critical data maintained by the private sector?

While private sector leaders like Internet Security Alliance president Larry Clinton acknowledge that companies have a responsibility to protect critical systems and data in order to satisfy their obligations to shareholders, the notion that businesses can allocate unlimited resources at the expense of those same shareholders is not feasible.

Clinton and other experts were interviewed on National Public Radio’s “Morning Edition” on Tuesday, May 8th.

"The legally mandated role of the government is to provide for the common defense, and they're willing to spend pretty much whatever it takes to do that. If you're in a private organization, your legally mandated responsibility is to maximize shareholder value. You can't spend just anything on the cyberthreat. You have an entirely different calculus that you have to put into effect," Clinton explained.

Clinton argues that mandating companies to pick up the bill for defending what is really a national security threat puts an unsustainable burden on businesses.

"If the government was interested in paying the private sector to do all these things, probably we would go a long way toward doing it. But the government so far, [with] the Lieberman-Collins bill, wants it all done for free. They want the businesses to simply plow that into their profit and loss statement, and the numbers are staggering. You simply can't do it," Clinton said.

Clinton has led ISA since 2007, and is frequently called upon to offer expert testimony and guidance to Congress, the White House, and numerous Federal Agencies on policy and legislative efforts.

The Internet Security Alliance (ISA) is a unique multi-sector trade association which provides thought leadership and strong public policy advocacy as well as business and technical services to its membership.

Clinton believes the current legislation under consideration is far too punitive in nature, and would disincentivize companies from both investing in better security measures and from disclosing data loss events, as well as creating a regulatory and bureaucratic nightmare.

"The major concern is the vast regulatory structure that would be set up at the Department of Homeland Security," says Larry Clinton.

Clinton maintains that the best approach for both the public and private sectors is to devise a cyber defense strategy that does not unfairly burden companies with unsustainable costs through regulatory mandates.

"Whether we like it or not, we are going to have to figure out a way to get private companies to make, on a sustainable basis, investments that are not justified by their business plans. Simply telling them, 'You have to ignore your business plan,' is not a sustainable model. We have to find a way to make it economic," Clinton continued.

Tuesday, May 08, 2012

Presidential Policy Directive 8: National Preparedness (PPD-8) describes the Nation’s approach to preparing for the threats and hazards that pose the greatest risk to the security of the United States.

The Directive requires a National Preparedness Report (NPR), an annual report summarizing the progress made toward building, sustaining, and delivering the 31 core capabilities described in the National Preparedness Goal.

Cybersecurity Key Finding: Cyber attacks have increased significantly in number and sophistication in recent years, resulting in the Federal Government and private sector partners expanding their cybersecurity efforts.

The U.S. Computer Emergency Readiness Team (US-CERT) reported an over 650-percent increase in the number of cyber incidents reported by federal agencies over a five-year period, from 5,503 in FY 2006, to 41,776 in FY 2010.

Almost two-thirds of U.S. firms report that they have been the victim of cybersecurity incidents or information breaches. Moreover, this serious problem may be subject to underreporting: only 50 percent of owners and operators at high-priority facilities participating in the ECIP security survey said that they report cyber incidents to external parties.

To counter these and related threats, federal and private sector partners have accelerated initiatives to enhance data collection, detect events, raise awareness, and respond to cyber incidents. In fact, most infrastructure protection stakeholders now identify cybersecurity as a priority issue for their programs.

At least 10 different critical infrastructure sectors have established joint public-private working groups through the SCCs and GCCs focused on cyber issues. In FY 2011, facility owners and operators from all 18 critical infrastructure sectors conducted assessments using the DHS Cyber Security Evaluation Tool.

This free software helps users assess their systems and networks through a series of guided questions. In addition, DHS and DOD are jointly undertaking a proof-of-concept called the Joint Cybersecurity Services Pilot.

The purpose of this pilot program is to enhance the cybersecurity of participating Defense Industrial Base (DIB) critical infrastructure entities and to protect sensitive DOD information and DIB intellectual property that directly supports DOD missions or the development of DOD capabilities from unauthorized access, exfiltration, and exploitation.

By the end of FY 2011, the National Cybersecurity Protection System was monitoring cyber intrusions with advanced technology for 37 of 116 federal agencies (32 percent), exceeding the proposed target of 28 percent. DHS’s National Cyber Security Division (NCSD) and Science and Technology Directorate also contribute to the development of international cybersecurity standards by participating in standards bodies such as the International Telecommunication Union, the International Organization for Standardization, and the Internet Engineering Task Force.

DHS operates the National Cybersecurity and Communications Integration Center, a 24-hour center responsible for coordinating cyber and communications warning information across federal, state, and local governments, intelligence and law enforcement communities, and the private sector.

DHS has also established the Cybersecurity Information Sharing and Collaboration Program (CISCP), a systematic approach to cyber information sharing and cooperation with critical infrastructure owners and operators. The program incorporates government participants, Information Sharing and Analysis Centers (ISACs), and other critical infrastructure owners and operators, and facilitates the fusion of data through collaboration among CISCP entities to develop and share cross-sector information products through a secure portal.

In addition, the National Cyber Investigative Joint Task Force (NCIJTF) facilitates federal interagency collaboration and serves as a central point of entry for coordinating, integrating, and sharing pertinent information related to cyber-threat investigations. The FBI oversees the NCIJTF, which includes representation from 18 partner agencies from the intelligence and law enforcement communities.

The FBI also runs 65 cyber task forces across the country that integrate federal, state, and local assets. At the state, local, tribal, and territorial levels, the Multi-State Information Sharing and Analysis Center is a cybersecurity focal point, including a cybersecurity operations center that provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation, and incident response.

The Secret Service has successfully dismantled some of the largest known cybercriminal organizations by working through the agency’s established network of 31 Electronic Crimes Task Forces (ECTFs). With the recent addition of two international ECTFs in Rome, Italy, and London, England, local law enforcement can leverage ECTF participation in Europe, a hub of cybercriminal activity.

Despite progress achieved through these efforts, the SPR survey shows that cyber capabilities are lagging at the state level. Results indicated that Cybersecurity was the single core capability where states had made the least amount of overall progress, with an average capability level of 42 percent. In addition, DHS’s 2011 Nationwide Cybersecurity Review highlighted gaps in cyber-related preparedness among 162 state and local entities.

For example, though 81 percent of respondents had adopted cybersecurity control frameworks and/or methodologies, 45 percent stated they had not implemented a formal risk management program. Moreover, approximately two-thirds of respondents had not updated information security or disaster recovery plans in at least two years. The challenges identified in these reviews likely apply across sectors.

Morris flogs his latest book here, but the point made seems quite sound to me.

=============

China Has Hacked Our Electric Power Grid: Read About It In Screwed!
By DICK MORRIS
Published on DickMorris.com on May 10, 2012

In our new book Screwed!, we report that almost unnoticed and with no threat of retaliation, China has likely hacked into the United States electric grid, potentially giving it the ability to paralyze our economy and our nation by tapping a few keys on a computer.

Writing in the Wall Street Journal, Bush's anti-terrorism coordinator Richard Clarke reports that "in 2009, the control systems for the U.S. electric power grid [were] hacked and secret openings created so that the attacker could get back in with ease." One expert noted that the hackers "left behind software that could be used to cause disruptions or even shut down the system."

While we cannot confirm that it was China that did the hacking, it is the only country with the technical expertise in hacking to have accomplished it.

What were the hackers after? Clarke notes that "there is no money to steal on the electrical grid, nor is there any intelligence value that would justify cyber espionage. The only point to penetrating the grid's controls is to counter American military superiority by threatening to damage the underpinning of the U.S. economy. Chinese military strategists have written about how in this way a nation like China could gain an equal footing with the militarily superior United States."

Anti-terror watchdogs have long been aware of the danger of an electromagnetic pulse triggered by the explosion of a nuclear device in the atmosphere over the United States. But by acquiring the ability to enter our grid anytime it wishes and disable it, China has likely acquired the ability to accomplish the same result without exploding a bomb.

Not only has Beijing likely hacked into our grid but, according to authors Brett M. Decker and William C. Triplett II in their excellent book Bowing to Beijing, China has even hacked into the Pentagon computer network "including the one serving [then] Defense Secretary Robert Gates."

James Lewis, director of the technology and policy program at the Washington think tank Center for Strategic and International Studies, called the Chinese hacking "an espionage Pearl Harbor." Lewis told 60 Minutes that China had downloaded vast amounts of information from every major U.S. agency, saying that we have lost more information than is stored in the entire Library of Congress through Chinese hacking.

What is the U.S. doing about it? Nothing. The modern day story of appeasement is not Obama's kowtowing to Muslim extremists as much as his total failure to confront China.

The president and Secretary of State Clinton fret over alienating China for fear that they will stop lending us money. Romney, who understands these things better than either Obama or Clinton, emphasizes China's vulnerability. "We sell them $50 billion. They sell us $400 billion. They want a trade war? Bring it on!"

The Chinese lend us money because they have to. They buy dollars to make our currency artificially expensive and theirs commensurately cheap. With their currency manipulation, our products are 40% more costly in their markets and theirs are 40% cheaper in our stores, fueling the imbalance of trade. Once they own the dollars, what are they going to do with them? The only safe thing is to buy U.S. Treasury notes, hence they "lend" us money. If they stopped buying dollars and acquiring an unfair trade advantage over us, we wouldn't need them to keep lending us money; our economy would be thriving.

We cannot sit by complacently and let China rob us blind, hacking our technology, our military secrets, and our power grid. We need a president who will stand up for America.

To grasp the appalling extent of Chinese hacking and espionage against the U.S. commercial and military sectors, read about it in Screwed!, on sale now!

No comment on "DHS: National Preparedness Report and Cybersecurity" yet, but that book "China Has Hacked Our Electric Power Grid: Read About It In Screwed!" seems interesting. I can tell you that, just through job searching, the DoE has been ramping up.

Last week on 20/20 or 60 Minutes or one of those shows was a segment on how military computers were all compromised in 2007 by a thumb drive and "terabytes" of military and other government data was all downloaded to some foreign entity. The foreign entity was not named. I thought they were implying it was Chinese, but this suggests Russian. Basically they got EVERYTHING from what sounded like the entire US government/military.

This sounds like what they were talking about. They pointed out it was when W was President:

WASHINGTON D.C. – Teresa M. Takai, Acting Assistant Secretary of Defense for Networks and Information Integration, the Department of Defense’s Chief Information Officer, said in an interview that cyber defense is a major part of the DOD’s technology agenda. But she declined to characterize the current climate of often state-sponsored cyber attacks as cyber war.

“The whole question of advanced persistent threats and the kinds of threat we face at the Department is something we’re very focused on,” Takai told MITechNews.Com Editor Mike Brennan. “Cyber is a domain much like air, sea and space that we have to be prepared to defend.”

Takai, the former state CIO for Michigan and then California, was recruited 18 months ago to serve as the principal advisor to the Secretary of Defense for Information Management, Information Technology and Information Assurance as well as non-intelligence Space systems, critical satellite communications, navigation, and timing programs, spectrum and telecommunications. She provides strategy, leadership, and guidance to create a unified information management and technology vision for the Department and to ensure the delivery of information technology based capabilities required to support the broad set of Department missions, including technology delivered to the battlefield for war fighters.

“I advise Defense Secretary Leon Panetta as well as senior staff on how we should be spending $37 billion a year on IT,” she said. “In the simplest form, those duties, if we compare and contrast, in Michigan on an annual basis we were spending $500 million on IT. The biggest difference on what we do at the state level and now at the DOD is the kinds of systems we use are not traditional business support systems. Instead, we’re responsible for oversight of the military version of a police radio system. We’re responsible for everything up to where the information is shared. We manage the Department’s use of the spectrum. We are responsible for technologies that read out to the battlefield and for those individuals dealing with technology in the theater. So my responsibilities are more operational.”

But in this digitally connected world where state and local governments reach out online to their respective constituents, trying to reach back into their networks are hackers, organized crime, and state-driven cyber spies. These bad guys want to tap the treasure trove of rich intellectual data and financial information inside. Among her many former duties, Takai is the Past-President of the National Association of State Chief Information Officers, so she knows first-hand the cyber threats state and local CIOs and CISOs deal with.

“I think the states are concerned around privacy protection,” she said. “At the DOD, we deal with all aspects of cyber security. How to defend all our information. We have a lot of R&D to protect. There are those who want to get in and maliciously disable or damage or change information. We’re so heavily dependent on our network for a national security role.”

As such, she works closely with Gen. Keith B. Alexander, who runs United States Cyber Command (USCyberCom), an armed forces sub-unified command subordinate to U.S. Strategic Command. Alexander also runs the National Security Agency, a cryptologic intelligence agency at the Pentagon. While CyberCom is developing cyber defense strategies, NSA collects and analyzes foreign – and some say domestic – communications. Both also try to protect their respective computer networks from cyber intrusion, an increasingly difficult problem.

Lately, Cyber Command has been in the headlines as the government tries to redefine its role and transform the roughly 1,400 person command into a cyber war fighting unit, on par with the armed services. This week, there were reports U.S. Cyber Command has been using special, classified briefings with private sector CEOs to scare them into greater vigilance about the threat of cyber attacks. The briefings are part of a three year-old program dubbed the "Enduring Security Framework" that was designed to foster closer coordination between private sector executives and Washington, so they predate Takai’s arrival at the Defense Department.

“One way to describe cyber command is we have regional combatant commands, such as the Pacific Region, who understands the Pacific region,” Takai said. “When you compare that to CyberCom, they have the unique understanding of cyber space and they have the responsibility to take actions, and advise the Defense Secretary on all cyber activities. CyberCom protects the Department and is responsible for directing activities as they relate to cyber security.”

Takai also confirmed published reports that the Pentagon has carved out a new secret spy group that press reports called the Defense Covert Intelligence unit. She, however, clarified those reports by calling the new unit a function, instead.

“One of the things we do is to look at the challenges and threats and organize to address them,” Takai said. “There wasn’t the establishment of a new agency or department at the Pentagon, but organizing around a new function they thought was important. It was the establishment of a specific group that focused on a problem we anticipate happening in the future. One example is looking at a specific time for draw-down in Afghanistan. It also performs future planning activities - how to do intelligence - and then restructures how to use these new resources.”

Other duties include interfacing with the North Atlantic Treaty Organization (NATO) on their cyber preparedness. She will fly to Brussels, Belgium, later this month for the semiannual NATO board meeting to talk directly with her NATO counterparts.

“I’m the U.S. rep to the NATO board that oversees all the technology that NATO develops,” she said. “If we think we move slowly at the Defense Department, try getting multiple nations together on technology. It is a challenging job.”

Another challenging job is making the Defense Department’s IT management more centralized, she said. Right now DOD is very decentralized. When she was CIO in Michigan, IT management was just the opposite, very centralized. While in California, she said, she had to deal with 130 CIOs all with different agendas.

“I think the challenge here is because the Department is so much bigger, that going to a completely centralized strategy does not make sense,” she said. “But we do want a level of centralization. War fighters want to operate across the Navy, Marines, Air Force and Army using the same technology base. The way we’re structured now is each service has the money to put out technology. We have to figure out a way to do it so when there is a joint operation. We have to figure out how to provide the right services so a war fighter has what he needs?”

Another big difference is at the state level, the interaction is with citizens. At the Defense Department, the bulk of the interaction is internal. But one thing remains the same in both worlds: information silos.

“It’s just different silos,” she said. “Each individual service has its own CIO. They don’t report to me, but they are required to follow the direction and policy I put out.”

Also at the federal level, politicians are much more involved in IT policy than in the states, she said. “Politicians here like to know how we are spending their money,” Takai said. “And sometimes they want to get into the middle of it, but usually just for doing good accountability. The military folks are skilled technologists. It’s a little different with staff people and political appointees, whose philosophy is more, ‘Just go make it run and call me if you need me.’”

She declined to say much about the Cyber Intelligence Sharing and Protection Act (CISPA), which would allow for the sharing of internet traffic information between the U.S. government and certain technology and manufacturing companies. The stated aim of the bill is to help the U.S. Government investigate cyber threats and ensure the security of networks against cyber attack.

“We are supportive of the president’s agenda and do feel this legislative action is important going forward,” she said. “Based on what we see at the Defense Department, there needs to be more action to protect our critical infrastructure. There are both military and civilian aspects to this.”

What has been her biggest surprise at the Pentagon?

“You can’t grasp the enormity of what the Department does until you get here,” Takai said. “It just has so many nuances and cultures about it; I’m learning something new every day.”

“The most rewarding part of the job is when you see the areas you’re working in make a difference to the men and women actually protecting this country,” she said. “It is the most phenomenal feeling to talk with people about what their needs are and work on things that will make a difference for those young men and women who are away from their families months at a time. They do the work without complaining. And the level of dedication is just phenomenal. You can see the passion.”

What advice does she have for somebody graduating from college with a degree in computer science who wants to get into government cyber security?

“First of all, there are multiple jobs in cyber security,” Takai said. “It isn’t just about cryptologists, writing software, or monitoring networks. Second, it is good to have a technical background. Some engineering background would be preferable. Three, look around and see how many universities are developing cyber security curriculums. Some offer degree programs. Lastly, companies are looking for bright young people with engineering or computer science background to get into this field.”

What about experienced security professionals? How can they get involved helping the government?

“We all post our jobs on our government web sites,” she said. “Someone like Dan Lohrmann (Michigan CISO) has a lot of opportunities at the state level. If someone wants to come to Washington, there are jobs here, too. I would encourage people to go online and look at military base postings. We also are heavily dependent on our defense industrial base. General Electric has a large presence in Michigan. So there are any number of ways an individual can take a look at what opportunities exist within government or companies that do business with the government.”

Both the DOD and NSA also are actively recruiting cyber security and technology specialists, and educating the present work force on the dangers posed by the Internet today.

“We think we’ll have to grow in a couple ways at the Department of Defense,” she said. “We plan to train our entire workforce to be cognizant of the cyber threats, and we need more specialists to monitor and defend our networks.”

This interview was conducted by MITechNews.Com Editor & Publisher Mike Brennan. To read more about Assistant Secretary Takai, click on CIO.Gov

Author: Mike Brennan Source: Editor, MITechNews.Com

In a new report from Carnegie Mellon's CyLab, the energy and utilities sector ranks lowest in IT governance and security in comparison to other industries.

The study, titled “The Governance of Enterprise Security: CyLab 2012 Report”, found that cyber security as a priority was lowest among those organizations who administer aspects of the nation's critical infrastructure.

The report provides a side-by-side analysis of governance and security oversight across several industries including utilities, the financial and industrial production sectors, and was co-sponsored by Forbes and security provider RSA.

“Of the critical infrastructure respondents, the energy/utilities sector had the poorest governance practices. When asked whether their organizations were undertaking six best practices for cyber governance, the energy/utilities sector ranked last for four of the practices and next to last for the other two,” wrote the study's author Jody Westby.

The findings reported by Forbes are as follows:

71 percent of their boards rarely or never review privacy and security budgets.
79 percent of their boards rarely or never review roles and responsibilities.
64 percent of their boards rarely or never review top-level policies.
57 percent of their boards rarely or never review security program assessments.

“What is disturbing about these findings is that the energy/utilities sector is one of the most regulated industry sectors and one of the most important to business continuity,” Westby said.

She also noted that Industrial Control Systems (ICS) and SCADA controls "were not designed for security and have no logging functions to enable forensic investigations of attacks."

Also of concern was the finding that the energy and utility sector “placed the least value on IT experience when recruiting board members,” Westby noted.

While the energy and utility sector rated poorly in the study, the other sectors surveyed did not fare much better, and the report further iterates the disconnect between the Board of Directors and organizational security.

In March, CyLab issued the third in a series of reports examining information security governance from the standpoint of corporate Boards.

The report, which utilized a data pool selected from the Forbes Global 2000 list, shows that little has changed in the way of a concerted focus on cyber security by those at the highest levels of leadership in some of the world's largest corporate entities.

"Boards and senior management still are not exercising appropriate governance over the privacy and security of their digital assets. Even though there are some improvements in key “regular” board governance practices, less than one-third of the respondents are undertaking basic responsibilities for cyber governance. The 2012 gains against the 2010 and 2008 findings are not significant and appear to be attributable to slight shifts," the report noted.

The findings showed that around half of the respondents indicated that the Boards of Directors rarely or never engage in policy reviews for IT security, assessments of the roles and responsibilities for senior level security managers, or actively exercise oversight of annual security budgets.

In addition, only about a third of respondents regularly or occasionally receive and review reports regarding the state of enterprise information security risk management.

The report also found that on average less than two-thirds of the corporations examined did not have senior level security and privacy personnel in place, such as a CSO or CISO, and only about thirteen percent had a Chief Privacy Officer in place.

Overall, the report did show slight improvements over the results from the 2008 and 2010 studies, but the long and short of it is that corporate Boards of Directors have still not embraced privacy and security matters adequately, even in the wake of well publicized and obviously damaging security events.

The lack of urgency in addressing enterprise security issues ultimately leaves companies and their stakeholders at risk of impact from a catastrophic data loss event.


"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

When reading this sort of thing, I get a gloomy apocalyptic feeling that in a moment of high tension with China (e.g. they decide it is time for us to abandon Taiwan) we will get some warning shots across bow letting us know that our entire grid and much more can be mightily disrupted.

Apparently there are serious security issues of this sort in the chips and such that we buy from China to build our missiles and advanced military aircraft.

Cyber espionage is an issue whose time has come. In this second report from the Information Warfare Monitor, we lay out the findings of a 10-month investigation of alleged Chinese cyber spying against Tibetan institutions. The investigation, consisting of fieldwork, technical scouting, and laboratory analysis, discovered a lot more.

The investigation ultimately uncovered a network of over 1,295 infected hosts in 103 countries. Up to 30% of the infected hosts are considered high-value targets and include computers located at ministries of foreign affairs, embassies, international organizations, news media, and NGOs. The Tibetan computer systems we manually investigated, and from which our investigations began, were conclusively compromised by multiple infections that gave attackers unprecedented access to potentially sensitive information. But the study clearly raises more questions than it answers. From the evidence at hand, it is not clear whether the attacker(s) really knew what they had penetrated, or if the information was ever exploited for commercial or intelligence value.

Some may conclude that what we lay out here points definitively to China as the culprit. Certainly Chinese cyber-espionage is a major global concern. Chinese authorities have made it clear that they consider cyberspace a strategic domain, one which helps redress the military imbalance between China and the rest of the world (particularly the United States). They have correctly identified cyberspace as the strategic fulcrum upon which U.S. military and economic dominance depends. But attributing all Chinese malware to deliberate or targeted intelligence gathering operations by the Chinese state is wrong and misleading. Numbers can tell a different story. China is presently the world’s largest Internet population. The sheer number of young digital natives online can more than account for the increase in Chinese malware.
With more creative people using computers, it’s expected that China (and Chinese individuals) will account for a larger proportion of cybercrime. Likewise, the threshold for engaging in cyber espionage is falling. Cybercrime kits are now available online, and their use is clearly on the rise, in some cases by organized crime and other private actors. Socially engineered malware is the most common and potent; it introduces Trojans onto a system, and then exploits social contacts and files to propagate infections further. Furthermore, the Internet was never built with security in mind. As institutions ranging from governments through to businesses and individuals depend on 24-hour Internet connectivity, the opportunities for exploiting these systems increases.

This report serves as a wake-up call. At the very least, a large percentage of high-value targets compromised by this network demonstrate the relative ease with which a technically unsophisticated approach can quickly be harnessed to create a very effective spynet…These are major disruptive capabilities that the professional information security community, as well as policymakers, need to come to terms with rapidly.


The discovery of a malicious computer program that appears to be collecting sensitive information from Iran and others indicates the global cyberwar has moved to a new level, warn security experts. Kaspersky Labs, the Russian internet security company that discovered the malware, codenamed Flame, said it was more complex and sophisticated than any of the cyberweapons it has seen to date. “The Flame malware looks to be another phase in this war,” said Eugene Kaspersky, co-founder of Kaspersky Lab.


When I joined Mandiant earlier this year, I was given the opportunity to help write our annual M-Trends report. This is the third year Mandiant has published the report, which is a summary of the trends we’ve observed in our investigations over the last twelve months.

I remember reading Mandiant’s first M-Trends report when it came out in 2010 and recall being surprised that Mandiant didn’t pull any punches. They talked about the advanced persistent threat or APT (they had been using that term for several years…long before it was considered a cool marketing buzz word), and they were open about the origin of the attacks. The report summarized what I’d been seeing in industry, and offered useful insights for detection and response. Needless to say, I enjoyed the opportunity to work on the latest version.

This year’s report details six trends we identified in 2011. We developed the six trends for the report very organically. That is, I spent quite a few days and nights reading all of the reports from our outstanding incident response team and wrote about what we saw—we didn’t start with trends and then look for evidence to support them.

If you haven’t picked up a copy of the report yet, you can do so here. I will be blogging on each of the six trends over the next two weeks; you can even view the videos we’ve developed for each trend as each blog post is published:

Malware Only Tells Half the Story.

Of the many systems compromised in each investigation, about half of them were never touched by attacker malware. In so many cases, the intruders logged into systems and took data from them (or used them as a staging point for exfiltration), but didn’t install tools. It is ironic that the very systems that hold the data targeted by an attacker are probably the least likely to have malware installed on them. While finding the malware used in an intrusion is important, it is impossible to understand the full scope of an intrusion if this is the focal point of the investigation. We illustrate actual examples of this in the graphical spread on pages 6-7 of the report.

What does this mean for victim organizations? You could start by looking for malware, but don’t end there! A smart incident response process will seek to fully understand the scope of compromise and find all impacted systems in the environment. This could mean finding the registry entries that identify lateral movement, traces of deleted .rar files in unallocated space, or use of a known compromised account. It turns out that Mandiant has a product that does all of this, but the footnote on page 5 is the only mention you’ll see in the entire report (and even that was an afterthought).

« Last Edit: May 28, 2012, 11:40:46 PM by Robertlk808 »

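Two of the malware-free scoping checks the M-Trends post above describes, written out as an added example (this is not Mandiant's code or product, and the log lines, the account name and the chunk of "unallocated space" are all constructed for the demonstration): first, walk Windows logon events and flag every host that a known-compromised account reached over the network or RDP, so those hosts enter the investigation whether or not any malware turns up on them; second, carve RAR archive headers out of a raw byte blob, the kind of residue a deleted staging archive leaves in unallocated clusters.

```python
"""
Added example (not from the M-Trends report or Mandiant's tooling): two checks an
incident responder can run to scope an intrusion on hosts that carry no malware.
All sample data below is constructed for the demonstration.
"""
import re
from typing import Dict, List, Set

# Accounts already known to be compromised, e.g. from a credential dump found
# earlier in the investigation (assumed for this example).
COMPROMISED_ACCOUNTS = {"CORP\\svc_backup"}

# Constructed Windows Security log lines in a flattened key=value form.
# Event 4624 = successful logon, 4625 = failed logon.
# LogonType 2 = console, 3 = network (SMB/admin shares), 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = """\
2012-05-20T01:12:03 host=FILESRV01 event=4624 LogonType=3 Account=CORP\\svc_backup Source=10.0.5.17
2012-05-20T01:13:44 host=FILESRV01 event=4624 LogonType=2 Account=CORP\\jdoe Source=-
2012-05-20T01:15:09 host=DC01 event=4624 LogonType=10 Account=CORP\\svc_backup Source=10.0.5.17
2012-05-20T01:16:30 host=HR-DB02 event=4624 LogonType=3 Account=CORP\\svc_backup Source=10.0.5.17
2012-05-20T01:20:00 host=WKS-0412 event=4625 LogonType=3 Account=CORP\\svc_backup Source=10.0.5.17
2012-05-20T02:00:00 host=WKS-0412 event=4624 LogonType=3 Account=CORP\\alice Source=10.0.9.2
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<eid>\d+) LogonType=(?P<ltype>\d+) "
    r"Account=(?P<acct>\S+) Source=(?P<src>\S+)$"
)


def hosts_touched_by(accounts: Set[str], log_text: str) -> Dict[str, List[str]]:
    """Map each host to the successful remote logons (types 3 and 10) by a compromised account.

    Every host in the result is in scope for the response, malware or no malware.
    Failed logons (4625) and console logons are ignored here; a real triage would
    keep the failures as a separate lead.
    """
    touched: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue  # unparseable line; skip rather than guess
        if m["eid"] != "4624" or m["ltype"] not in ("3", "10"):
            continue
        if m["acct"] not in accounts:
            continue
        touched.setdefault(m["host"], []).append(
            f"{m['ts']} type{m['ltype']} from {m['src']}"
        )
    return touched


# RAR archive signatures: RAR 1.5-4.x ("Rar!\x1a\x07\x00") and RAR 5 ("Rar!\x1a\x07\x01\x00").
RAR_SIGS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")


def carve_rar_offsets(blob: bytes) -> List[int]:
    """Return sorted byte offsets of RAR headers found in a raw blob (e.g. unallocated clusters)."""
    hits = set()
    for sig in RAR_SIGS:
        start = 0
        while (idx := blob.find(sig, start)) != -1:
            hits.add(idx)
            start = idx + 1
    return sorted(hits)


# Constructed stand-in for a chunk of unallocated disk space: filler bytes with
# two deleted-archive headers embedded at known offsets (512 and 979).
SAMPLE_UNALLOCATED = (
    b"\x00" * 512
    + b"Rar!\x1a\x07\x00" + b"\x90" * 300
    + b"junk" * 40
    + b"Rar!\x1a\x07\x01\x00" + b"\x41" * 100
)

if __name__ == "__main__":
    for host, logons in hosts_touched_by(COMPROMISED_ACCOUNTS, SAMPLE_EVENTS).items():
        print(f"{host}: {len(logons)} remote logon(s) by a compromised account -> in scope")
    print("RAR headers at offsets:", carve_rar_offsets(SAMPLE_UNALLOCATED))
```

On real evidence the first function would read exported 4624 records from every host's Security log (or a central collector) rather than a string, and the second would be pointed at the raw device or an image, reading in chunks; the signature match only tells you where a header once sat, so the offsets are leads to examine, not proof that an archive was exfiltrated.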

Another holiday here in upstate New York, another roll of the fire trucks while some were supposed to be kicking back and enjoying a barbeque.

It's times like this when I'm glad I'm not in the antivirus business anymore and doubly relieved that none of our machines run Windows. No flames here.

Computer security people however may have to reach for the extinguisher this morning as the latest conflagration in the news bounces across their desk, the discovery of yet another "super virus" called "FLAME" as reported by this BBC article.

Only problem is that according to Kaspersky, who made the discovery in coordination with the U.N.'s International Telecommunications Union (ITU), this one's been in the wild since at least December of 2010 and has only been detected now.

Here we go... again.

FLAME is described by Kaspersky as "one of the most complex threats ever discovered". And it's a huge mother. 20 modules and 20 megabytes worth.

Stranger yet is that the infector is an ActiveX control in the form of an OCX (OLE Control Extensions) file which apparently has run completely undetected for years. The worm runs as a Windows service, and most of the files are visible when running, making this even more of a surprise.

The Maher Center and Iran's CERTCC published this report identifying the worm and its components. What I find amusing from a researcher's standpoint is Kaspersky's theory that this too is a "state-sponsored" worm, but when you look at the code snippets which Kaspersky published, in addition to the various use of the word "flame" in the code, there are also variables called "gator" and "frog" in there as well.

When I've examined "officially" produced malware, such names for variables published within the code just do not happen. Another thing that doesn't smell right is that Israel has also been a target of this worm in numbers only exceeded by Iran as shown in this article in Australia's Herald Sun newspaper.

Kaspersky shared their find on Monday with the other antivirus companies and so hopefully it will be detected by the other antiviruses out there soon. I'll be enjoying the rest of the lemonade from yesterday myself, that stuff can't run on our own stuff here.

About the author: Kevin McAleavey is the architect of the KNOS secure operating system ( http://www.knosproject.com ) in Albany, NY and has been in antimalware research and security product development since 1996.


A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said.

Russian security firm Kaspersky Labs told the BBC they believed the malware, known as Flame, had been operating since August 2010.

The company said it believed the attack was state-sponsored, but could not be sure of its exact origins.

They described Flame as "one of the most complex threats ever discovered".

Research into the attack was carried out in conjunction with the UN's International Telecommunication Union.

They had been investigating another malware threat, known as Wiper, which was reportedly deleting data on machines in western Asia.

In the past, targeted malware - such as Stuxnet - has targeted nuclear infrastructure in Iran.

Others like Duqu have sought to infiltrate networks in order to steal data.

This new threat appears not to cause physical damage, but to collect huge amounts of sensitive information, said Kaspersky's chief malware expert Vitaly Kamluk.

"Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on," he said.

More than 600 specific targets were hit, Mr Kamluk said, ranging from individuals, businesses, academic institutions and government systems.

Iran's National Computer Emergency Response Team posted a security alert stating that it believed Flame was responsible for "recent incidents of mass data loss" in the country.

The malware code itself is 20MB in size - making it some 20 times larger than the Stuxnet virus. The researchers said it could take several years to analyse.

Iran and Israel

Mr Kamluk said the size and sophistication of Flame suggested it was not the work of independent cybercriminals, and more likely to be government-backed.

Analysis

Professor Alan Woodward, Department of Computing, University of Surrey:

This is an extremely advanced attack. It is more like a toolkit for compiling different code based weapons than a single tool. It can steal everything from the keys you are pressing to what is on your screen to what is being said near the machine.

It also has some very unusual data stealing features including reaching out to any Bluetooth enabled device nearby to see what it can steal.

Just like Stuxnet, this malware can spread by USB stick, i.e. it doesn't need to be connected to a network, although it has that capability as well.

This wasn't written by some spotty teenager in his/her bedroom. It is large, complicated and dedicated to stealing data whilst remaining hidden for a long time.

Mr Kamluk explained: "Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states.

"Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group."

Among the countries affected by the attack are Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

"The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it," Mr Kamluk said.

The malware is capable of recording audio via a microphone, before compressing it and sending it back to the attacker.

It is also able to take screenshots of on-screen activity, automatically detecting when "interesting" programs - such as email or instant messaging - were open.

'Industrial vacuum cleaner'

Kaspersky's first recorded instance of Flame is in August 2010, although it said it is highly likely to have been operating earlier.

Prof Alan Woodward, from the Department of Computing at the University of Surrey said the attack is very significant.

"This is basically an industrial vacuum cleaner for sensitive information," he told the BBC.

He explained that unlike Stuxnet, which was designed with one specific task in mind, Flame was much more sophisticated.

"Whereas Stuxnet just had one purpose in life, Flame is a toolkit, so they can go after just about everything they can get their hands on."

Once the initial Flame malware has infected a machine, additional modules can be added to perform specific tasks - almost in the same manner as adding apps to a smartphone.


Iran says it has developed tools that can defend against the sophisticated cyber attack tool known as Flame.

The country is believed to have been hit hard by the malicious programme which infiltrates networks in order to steal sensitive data.

Security companies said Flame, named after one of its attack modules, is one of the most complex threats ever seen.

Iran says its home-grown defence could both spot when Flame is present and clean up infected PCs.

Hard work

Iran's National Computer Emergency Response Team (Maher) said in a statement that the detection and clean-up tool was finished in early May and is now ready for distribution to organisations at risk of infection.

Flame was discovered after the UN's International Telecommunications Union asked for help from security firms to find out what was wiping data from machines across the Middle East.

An in-depth look at Flame by the Laboratory of Cryptography and System Security at Hungary's University of Technology and Economics in Budapest, said it stayed hidden because it was so different to the viruses, worms and trojans that most security programmes were designed to catch.

“Flame is not a widespread threat” - Graham Cluley, Sophos

In addition, said the report, Flame tried to work out which security scanning software was installed on a target machine and then disguised itself as a type of computer file that an individual anti-virus programme would not usually suspect of harbouring malicious code.

Graham Cluley, senior technology consultant at security firm Sophos, said the programme had also escaped detection because it was so tightly targeted.

"Flame isn't like a Conficker or a Code Red. It's not a widespread threat," he told the BBC. "The security firm that talked a lot about Flame only found a couple of hundred computers that appeared to have been impacted."

Mr Cluley said detecting the software was not difficult once it had been spotted.

"It's much much easier writing protection for a piece of malware than analysing what it actually does," he said. "What's going to take a while is dissecting Flame to find out all of its quirks and functionality."

It is not yet clear who created Flame but experts say its complexity suggests that it was the work of a nation state rather than hacktivists or cyber criminals.

Iran suffered by far the biggest number of Flame infections, suggest figures from Kaspersky Labs in a report about the malicious programme.

Kaspersky said 189 infections were reported in Iran, compared to 98 in Israel/Palestine and 32 in Sudan. Syria, Lebanon, Saudi Arabia and Egypt were also hit.

In April, Iran briefly disconnected servers from the net at its Kharg island oil terminal as it cleared up after a virus outbreak - now thought to be caused by Flame.

In the same statement that announced its home-grown detection tool, Iran said Flame's "propagation methods, complexity level, precise targeting and superb functionality" were reminiscent of the Stuxnet and Duqu cyber threats to which it had also fallen victim.

Stuxnet is widely believed to have been written to target industrial equipment used in Iran's nuclear enrichment programme.


Obama Order Sped Up Wave of Cyberattacks Against Iran
By DAVID E. SANGER
Published: June 1, 2012

WASHINGTON — From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.

Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet. At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised.

“Should we shut this thing down?” Mr. Obama asked, according to members of the president’s national security team who were in the room.

Told it was unclear how much the Iranians knew about the code, and offered evidence that it was still causing havoc, Mr. Obama decided that the cyberattacks should proceed. In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.

This account of the American and Israeli effort to undermine the Iranian nuclear program is based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day. (However they did consider it even more important that US voters know how tough President Obama is and so they blab to the press despite the cost to US security)

These officials gave differing assessments of how successful the sabotage program was in slowing Iran’s progress toward developing the ability to build nuclear weapons. Internal Obama administration estimates say the effort was set back by 18 months to two years, but some experts inside and outside the government are more skeptical, noting that Iran’s enrichment levels have steadily recovered, giving the country enough fuel today for five or more weapons, with additional enrichment.

Whether Iran is still trying to design and build a weapon is in dispute. The most recent United States intelligence estimate concludes that Iran suspended major parts of its weaponization effort after 2003, though there is evidence that some remnants of it continue.

Iran initially denied that its enrichment facilities had been hit by Stuxnet, then said it had found the worm and contained it. Last year, the nation announced that it had begun its own military cyberunit, and Brig. Gen. Gholamreza Jalali, the head of Iran’s Passive Defense Organization, said that the Iranian military was prepared “to fight our enemies” in “cyberspace and Internet warfare.” But there has been scant evidence that it has begun to strike back.

The United States government only recently acknowledged developing cyberweapons, and it has never admitted using them. There have been reports of one-time attacks against personal computers used by members of Al Qaeda, and of contemplated attacks against the computers that run air defense systems, including during the NATO-led air attack on Libya last year. But Olympic Games was of an entirely different type and sophistication.

It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country’s infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives. The code itself is 50 times as big as the typical computer worm, Carey Nachenberg, a vice president of Symantec, one of the many groups that have dissected the code, said at a symposium at Stanford University in April. Those forensic investigations into the inner workings of the code, while picking apart how it worked, came to no conclusions about who was responsible.

A similar process is now under way to figure out the origins of another cyberweapon called Flame that was recently discovered to have attacked the computers of Iranian officials, sweeping up information from those machines. But the computer code appears to be at least five years old, and American officials say that it was not part of Olympic Games. They have declined to say whether the United States was responsible for the Flame attack.

Mr. Obama, according to participants in the many Situation Room meetings on Olympic Games, was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons — even under the most careful and limited circumstances — could enable other countries, terrorists or hackers to justify their own attacks. (Which makes the leakers even more irresponsible , , ,)


“We discussed the irony, more than once,” one of his aides said. Another said that the administration was resistant to developing a “grand theory for a weapon whose possibilities they were still discovering.” Yet Mr. Obama concluded that when it came to stopping Iran, the United States had no other choice.

If Olympic Games failed, he told aides, there would be no time for sanctions and diplomacy with Iran to work. Israel could carry out a conventional military attack, prompting a conflict that could spread throughout the region.

A Bush Initiative

The impetus for Olympic Games dates from 2006, when President George W. Bush saw few good options in dealing with Iran. At the time, America’s European allies were divided about the cost that imposing sanctions on Iran would have on their own economies. Having falsely accused (well “mistaken accused due to SH’s efforts to pretend he had a program in order to bluff the Iranians would be more accurate, but that would not serve the purposes of Prada on the Hudson) Saddam Hussein of reconstituting his nuclear program in Iraq, Mr. Bush had little credibility in publicly discussing another nation’s nuclear ambitions. The Iranians seemed to sense his vulnerability, and, frustrated by negotiations, they resumed enriching uranium at an underground site at Natanz, one whose existence had been exposed just three years before. Iran’s president, Mahmoud Ahmadinejad, took reporters on a tour of the plant and described grand ambitions to install upward of 50,000 centrifuges. For a country with only one nuclear power reactor — whose fuel comes from Russia — to say that it needed fuel for its civilian nuclear program seemed dubious to Bush administration officials. They feared that the fuel could be used in another way besides providing power: to create a stockpile that could later be enriched to bomb-grade material if the Iranians made a political decision to do so.

Hawks in the Bush administration like Vice President Dick Cheney urged Mr. Bush to consider a military strike against the Iranian nuclear facilities before they could produce fuel suitable for a weapon. Several times, the administration reviewed military options and concluded that they would only further inflame a region already at war, and would have uncertain results.

For years the C.I.A. had introduced faulty parts and designs into Iran’s systems — even tinkering with imported power supplies so that they would blow up — but the sabotage had had relatively little effect. General James E. Cartwright, who had established a small cyberoperation inside the United States Strategic Command, which is responsible for many of America’s nuclear forces, joined intelligence officials in presenting a radical new idea to Mr. Bush and his national security team. It involved a far more sophisticated cyberweapon than the United States had designed before.

The goal was to gain access to the Natanz plant’s industrial computer controls. That required leaping the electronic moat that cut the Natanz plant off from the Internet — called the air gap, because it physically separates the facility from the outside world. The computer code would invade the specialized computers that command the centrifuges.

The first stage in the effort was to develop a bit of computer code called a beacon that could be inserted into the computers, which were made by the German company Siemens and an Iranian manufacturer, to map their operations. The idea was to draw the equivalent of an electrical blueprint of the Natanz plant, to understand how the computers control the giant silvery centrifuges that spin at tremendous speeds. The connections were complex, and unless every circuit was understood, efforts to seize control of the centrifuges could fail.

Eventually the beacon would have to “phone home” — literally send a message back to the headquarters of the National Security Agency that would describe the structure and daily rhythms of the enrichment plant. Expectations for the plan were low; one participant said the goal was simply to “throw a little sand in the gears” and buy some time. Mr. Bush was skeptical, but lacking other options, he authorized the effort.

Breakthrough, Aided by Israel


It took months for the beacons to do their work and report home, complete with maps of the electronic directories of the controllers and what amounted to blueprints of how they were connected to the centrifuges deep underground.

Then the N.S.A. and a secret Israeli unit respected by American intelligence officials for its cyberskills set to work developing the enormously complex computer worm that would become the attacker from within.

The unusually tight collaboration with Israel was driven by two imperatives. Israel’s Unit 8200, a part of its military, had technical expertise that rivaled the N.S.A.’s, and the Israelis had deep intelligence about operations at Natanz that would be vital to making the cyberattack a success. But American officials had another interest, to dissuade the Israelis from carrying out their own pre-emptive strike against the Iranian nuclear facilities. To do that, the Israelis would have to be convinced that the new line of attack was working. The only way to convince them, several officials said in interviews, was to have them deeply involved in every aspect of the program.

Soon the two countries had developed a complex worm that the Americans called “the bug.” But the bug needed to be tested. So, under enormous secrecy, the United States began building replicas of Iran’s P-1 centrifuges, an aging, unreliable design that Iran purchased from Abdul Qadeer Khan, the Pakistani nuclear chief who had begun selling fuel-making technology on the black market. Fortunately for the United States, it already owned some P-1s, thanks to the Libyan dictator, Col. Muammar el-Qaddafi.

When Colonel Qaddafi gave up his nuclear weapons program in 2003, he turned over the centrifuges he had bought from the Pakistani nuclear ring, and they were placed in storage at a weapons laboratory in Tennessee. The military and intelligence officials overseeing Olympic Games borrowed some for what they termed “destructive testing,” essentially building a virtual replica of Natanz, but spreading the test over several of the Energy Department’s national laboratories to keep even the most trusted nuclear workers from figuring out what was afoot.

Those first small-scale tests were surprisingly successful: the bug invaded the computers, lurking for days or weeks, before sending instructions to speed them up or slow them down so suddenly that their delicate parts, spinning at supersonic speeds, self-destructed. After several false starts, it worked. One day, toward the end of Mr. Bush’s term, the rubble of a centrifuge was spread out on the conference table in the Situation Room, proof of the potential power of a cyberweapon. The worm was declared ready to test against the real target: Iran’s underground enrichment plant.

“Previous cyberattacks had effects limited to other computers,” Michael V. Hayden, the former chief of the C.I.A., said, declining to describe what he knew of these attacks when he was in office. “This is the first attack of a major nature in which a cyberattack was used to effect physical destruction,” rather than just slow another computer, or hack into it to steal data.

“Somebody crossed the Rubicon,” he said.

Getting the worm into Natanz, however, was no easy trick. The United States and Israel would have to rely on engineers, maintenance workers and others — both spies and unwitting accomplices — with physical access to the plant. “That was our holy grail,” one of the architects of the plan said. “It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand.”

In fact, thumb drives turned out to be critical in spreading the first variants of the computer worm; later, more sophisticated methods were developed to deliver the malicious code.

The first attacks were small, and when the centrifuges began spinning out of control in 2008, the Iranians were mystified about the cause, according to intercepts that the United States later picked up. “The thinking was that the Iranians would blame bad parts, or bad engineering, or just incompetence,” one of the architects of the early attack said.

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

(If you follow the link there are some interesting links in the "related stories" sidebar along with a quiz about Cyber Security.)

Obama ordered Stuxnet cyberattack, reports say. Did it leave US vulnerable?

A New York Times report claims that President Obama used the Stuxnet cyberweapon to set back Iran's nuclear program. But experts caution that the worm could be reverse-engineered.

Stuxnet, the world's first publicly identified cyber superweapon, was unleashed against Iran's nuclear fuel-enrichment facility as part of a joint US-Israel cybersabotage operation, according to press reports Friday citing anonymous administration officials.

The news reports, which seem to remove any fig leaf of plausible deniability, could in the near term undermine ongoing nuclear talks with Iran. It could even provide Iran with internal justification for a cyber counterstrike against the US.

In the longer run, however, it also raises questions about how a US national policy of using powerful digital weapons could impact American security. Of particular concern is the possibility that such attacks could provide a digital copy of the cyberweapon to rogue nations or that hacktivists could reverse-engineer the weapon for use against the power grid or other key US infrastructure.

"Certainly we have thought Stuxnet was very likely to be a US-Israel operation – and that assumption has now turned out to be the case," says Stewart Baker, a lawyer and former senior official at the National Security Agency and the Department of Homeland Security. "In some ways, I do feel as though we've been living in a glass house for years and now we've decided we're going to invent rocks."

In the New York Times account, the cyberweapon was developed under a program initiated by President George W. Bush. President Obama then gave the go-ahead for a cyberweapon dubbed "the bug" to be unleashed in an attempt to derail Iran's bid to make nuclear-weapons fuel. The thrust of the account was separately confirmed by administration officials in a Washington Post report Friday.

But in summer 2010, after it became clear to the White House that "the bug" had inadvertently escaped the isolated network of Iran's Natanz uranium-enrichment plant and spread to computers worldwide, top administration officials held a "tense meeting" in the White House Situation Room, the Times said.

“Should we shut this thing down?” Obama asked, according to sources. It was unclear how much the Iranians knew about the code, and there was evidence that it was still vexing the Iranians, he was told. "Mr. Obama decided that the cyberattacks should proceed," the Times reported.

By late summer 2010, cybersecurity companies and the trade press were actively analyzing and debating the purpose of the strange piece of malicious software, dubbed "Stuxnet" after a file name inside the software. On Sept. 21, 2010, Ralph Langner, a German industrial-control systems cybersecurity expert from Hamburg, publicly identified Stuxnet as the world's first cyberweapon and named its likely target as Iran's nuclear facilities, as first reported and confirmed with other systems experts by the Monitor. Not long after, he postulated that the US and likely Israel, too, were behind the attacks.

Although Stuxnet is estimated to have eventually destroyed as many as 1,000 high-speed Iranian gas centrifuges designed to enrich uranium, its importance was far larger than that, Mr. Langner warned. It demonstrated that a cyberweapon could physically destroy critical infrastructure, and that process could also work in reverse.

"One important difference between a cyber offensive weapon and some kind of advanced bomb, for example, is that when the bomb blows up you can't examine or reverse-engineer it," says Joel Brenner, a former national counterintelligence executive in the Office of the Director of National Intelligence.

"Once you find the malware, on the other hand, once you find the code, you can see how it was done," he says. "So we are going to see more operations of this kind – and the US's critical infrastructure is undoubtedly going to be targeted. I still don't think that the owners and operators of most of that infrastructure understand the gravity of this threat."

According to the Times, participants in the many Situation Room meetings say Obama "was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons – even under the most careful and limited circumstances – could enable other countries, terrorists or hackers to justify their own attacks."

In the end, Obama concluded the US had little choice, the presidential aides told the Times. The alternative could be a nuclear Iran. But the attacks could also provoke Iran to retaliate.

"There are real risks here," Mr. Baker says. "The most immediate and obvious one is that the Iranians will feel even more motivated to respond in kind. This is not a particularly restrained Iranian administration. It's used terrorists and terrorist proxies for years. It may feel that [Stuxnet] gives them one free shot at the American industrial-control system of their choice. And the consequences might not be 10 years down the road either. It might be next week."

Another key takeaway is that cyberwar is unlikely to remain anonymous.

"The world we're moving into is one where attribution for such attacks will not be a problem," says James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies in Washington. "A nation might not be able to block an attack immediately, but you will be able to find out who's responsible."



Ah. I was wondering if the reason was to give the impression of toughness on Iran by Baraq i.e. he sacrificed national security for his perceived political benefit.

It could be that too, I was wondering if it was supposed to somehow help him with re-election as well and like you said a lot of info was released.


(June 5 & 6, 2012) Saying that she is "deeply disturbed by the continuing leaks of classified information to the media, most recently regarding alleged cyber efforts targeting Iran's nuclear program," US Senator Dianne Feinstein (D-California) is calling for legislative hearings about the leaks regarding the US's involvement with the Stuxnet worm. Senator Feinstein is not asking for the hearings to address the actual attacks. Senator Carl Levin (D-Michigan), who chairs the Senate Armed Services Committee, has agreed to hold a hearing on the matter. The FBI has reportedly launched an investigation into the leaks. There is concern that the revelation will encourage copycat attacks against the US.


Scene: POTUS stands silhouetted in the doorway of the SITROOM looking intently at a small tablet screen. Around him his cyber generals sit shifting uncomfortably from time to time in the long pregnant pause.

POTUS: “Clarke, so, you say this is the only way that we can get into and destroy their capability?”

Clarke: “Yes,” he says lugubriously

POTUS: “Well then, let’s send them the stick... Someone will be stupid enough to plug it in.”

Scene: The generals all rise and leave single file out the door falling into the darkness of the hallway in the bowels of the White House. POTUS looks up at Clarke who is fixing his one black leather glove.

POTUS: “You know, if this goes wrong we’ll just blame it on Israel right?”

Clarke: “That contingency has already been taken care of, I have primed the veep… He’ll fbomb that stuff like a Tourette's patient off his meds.”

POTUS: “God love that crazy mick”

Cut scene: Screen goes dark

Stuxies Midnight Emissions

Well, it’s been a crazy week or so in the news cycle. With the revelations that POTUS personally had a hand in the destruction of Iranian nuclear centrifuges with malware, the floodgates of stupid have opened up and we have a wave as high as the biblical one that wiped the earth clean of people (if you believe that kind of crap).

Since this came to light in the NY Times, we have had all sorts of characters pontificating on the subject. Everyone has their opinion and unfortunately, all of them mean nothing to anyone of note because the real decisions of state have already been made haven’t they?

Onward we will sally forth though, with vigorous words on how we are the pre-eminent power on earth and how we are blessed by God him/her/itself and looking back be damned. We had the coders and we had the will so we did it.

Now, don’t get me wrong, I agree with the end result of the Stuxnet malware itself. I think though we could have been more subtle and manipulated their product instead of just causing the centrifuges to eat themselves, but, that is another story. No, we did what I think was a nice little piece of work against a regime that is unstable enough to do more with nuclear weapons than just stockpile them.

Frankly, one way or another, Iran will eventually get the nuclear bomb, but, we seem to have slowed them down a bit at the very least with this attack. Or, I should say, did slow them down, for a little while. Now though, after this report in the Times and the non attributable crowing of the administration that was behind it attributing themselves as the culprits, I think that Iran will just redouble their efforts on this issue as well as the development of Stuxnet II “This Time It’s Personal” as the movie poster will declare.

Nope, for me the issue I have with all of this is that the admin is using this as a cudgel to win an election. This and this alone is the bone of contention I have with POTUS and company. A POTUS that ostensibly is SOOOOOO upset over leakers and prosecutes them to the fullest of the law...That is, until it serves their personal or political needs that is.

I find it comical now that there are calls in the senate to investigate the “leaks and leakers” within the White House who talked to Sanger about their digital daring do. All you really need to do Mr. senator is walk up to 1600 Pennsylvania Ave and knock on the oval office door. You can find the leaker there I can assure you.

Hubris, thy name is “Politician”.

Politics, Pedantry, and Hucksterism

So, there you have it, we created Stuxnet with much secrecy, so much secrecy that it got leaked to the New York Times! Well, not so much leaked as much as planted in the Times by the spinmeisters as a political pogramme on us all to sway our vote.

The Times story is rife with allegory on how the admin was taking care with this operation and that they wanted as little collateral damage as possible. The program was tested on an analogous testbed with equipment that we got from Libya, the results of which were the destroyed remains of the centrifuges, all was in preparation. All we needed to do then was get an asset on the ground to plug in a USB stick and voila! Instant PWNAGE!

I’m sure there will be a full length feature film soon and it will be fueled by the leaks that this Times article and subsequent book were as well. Do you suppose they will be filming at Ft. Meade? Will Mike Hayden make a guest appearance? We all want to know! Suffice to say, that the media, the pundits and the other nations of the world will be taking note and working out their responses to all of the revelations from POTUS and company. For me though, my response is already quite clear…

“We’re fraked”

This whole escapade was ruined by the need of the admin to tattle on itself. I personally highly doubt that this was leaked by one person and all by themselves outing a whole clandestine operation. No, this was a political move, one that will I think, have some blowback on us all. Some will make the argument that the US wanted the Iranians to know, so we could be the “Babe Ruth” pointing at the backfield as if to say “That’s right muthafrakers… We are the shit and we will frak you up.”

I do not ascribe to that being the case as a tactic, hell, Biden then throws the Israelis under the bus twice in that article! It was the equivalent of verbal chaff and anyone with half a brain can see that.

“Well we did this because we wanted to settle the Israelis down, or they would have gone in hot.”

Uhh yeah, nice way to say we did it “only because we had to.”

Say, didn’t I see an ad by you offering a sweet price on a bridge somewhere?

Tell the truth, you wanted this out on that particular Friday because the jobs numbers were EPIC SUCK ok? Just please, admit it! C’mon, somewhere in your addled minds you know you want to tell the truth sometime!

FLAME ON YOU CRAZY DIAMOND!

Meanwhile, the FLAME debacle came into focus. An uber malware designed in the future by mad scientists and SKYNET with an 18 meg LUA decoder! This little gem has been perfectly timed to coincide with the STUXNET. Well, maybe, since it was Eugene Kaspersky ringing the bell on this one, perhaps not.

However, the FLAME seems to be all about stealing every conceivable piece of data it can get its hands on. It was a well run operation that has been going on since at least 2010 and bears the hallmarks of an intelligence agency running it. The use of cutout accounts with multiple names and locations as well as payment schemes shows that it wasn’t just Joe botnet herder. No, this one also was nation state most likely, but whose?

More importantly, how many of you out there would like to take odds on just when POTUS will leak the details of how we did this one to the Times? Takers? Anyone? C’mon I can bet bitcoins! Aww shucks… Guess you are all too smart and know that soon enough we will be reading about this “super secret black operation” in the papers. Even today more facts have come out of the reverse engineers saying that FLAME has a novel MD5 attack that has been known about since 2008 was it?

“Oooh sekret”

Be assured, that the FLAME will burn on as will the stupid around it from all sides.. Media.. Pundits… Politicians... Malware vendors… I don’t care if FLAME is LAME, I only care that this escalation is getting out of proportion and those running the programs are leaking the details to effect their political efforts.

Let’s CYBER Like It’s 1999

Now on to the word “CYBER” and its unfortunate tagging with “WAR” right after it. I have railed against this word for some time now but even with the best of my efforts, the douchery abounds. In fact, the douchery seems to know NO bounds frankly. I remember a time when CYBER was only followed by SEX and really wish it would just go back to being that.

Instead, we now have doctrine being written for “Cyberspace” and plans being made to militarize it all. All the while though not many really understand the space or the technology that they want to “CYBER” in! I can smell the fail now and it smells of cheap political and capitalist cologne.

Aside from the nomenclature issues here, I feel like others I have seen, that this has all been one giant mistake. We have opened “Pandora’s Box” as Mikko put it, and we are not ready for the consequences. I am damn sure that our infrastructure isn’t, never mind the people and companies that run and own it all.

Try getting all of these players to secure their shit even on a microcosmic scale and you will see my pain. We in the business have known all too well that too many times within the mental calculus that management makes, security is a lesser understood or cared about concern over the bottom line in the world of black ink in the books.

So, my prognosis for this patient is “you’re fraked” but, with the caveat that we have been for a long long time. Will all the antics with the declaration of “CYBERWAR” by the Obama administration really make a difference in the tempo of battle already ongoing? Will nation states and others speed up their efforts to bring down parts of our grid? To what end? What are we producing that is equivalent to a small vector like Natanz and nuclear fuel? I guess what I am asking is, just what are the odds of the first great CYBERWAR being brought to our digital shores? Can I expect to turn on the light switch soon to find that there is no power?

Or even worse… Will they STUXNET Apple’s facilities so the kiddies can’t get their new shiny MacBooks?

OH THE HUMANITY!

I guess this is all being mapped out, kinda like the PROJECT X that plans on mapping the whole of the internet... So they can attack it. Time will tell I suppose, but, in the meantime, your fool forecast is for a high probability of foolishness at levels never before seen. So wear your rubbers kids.

We’re Doomed

But seriously, I think that we are doomed. Not the kind of doom where the world will end in a zombie apocalypse though. Hell, I would love to have that instead of what we are going to get. Instead we will have more stupidity, more controls being placed on the internet, and a slew of half baked ideas that will only serve to make us all more constrained in our daily affairs online.

Oh, and we will also live every day more in fear that some nation state, corporation, or crazy group of terrorists, will attempt to destroy something in our infrastructure… Because they can and feel the need to.

Welcome to the CYBERWARS! Please keep all hands and feet inside the ride at all times.

Barf bags will be available for fifty cents at the ride’s end.

K.


With the new spate of malware attacks (alleged by nation state actors) as well as other attacks by the likes of Anonymous on down to the usual cast of criminal characters, I have been taking stock of the “bigger picture”. What I have come to the conclusion of, is that we, out of all things, the creators of the internet, the computers, the code, and the universe in general (probabilistic, Newtonian, quantum, etc if you believe we in fact create our consensual reality) are the one common flaw in security.

Take that statement in a bit… I’ll be back in a moment while you ponder….

Ok, thought that through a bit? For me, the statement is an ultimate truth. We create all these things (for me universe included by perception) and in the case of the security over or within the systems that we make and use, are its core failing. We, for a lack of a better term, are “flawed” and thus, our systems will always be so. In the case of security today, we can see this from many angles, not just within the realm of computer security or data security, but also our efforts in war or protection from terror (a la DHS and the TSA). There are inherent flaws and unpredictable outcomes vis a vis human nature that really have to be taken account of before we can really even consider something to be more secure than not.

This is an issue that I think many are overlooking as they seek to make the better mousetrap cum Rube Goldberg device that will then sit blinking in your rack at the NOC. Boiling it all down to the sum total of security issues, we have the human being and their “nature” to consider as the driver of the ill as well as the arbiter of demise in any security scenario we can think up here. This is why I have decided to write this post, I want you all to stop, take a look around you, and see the problem from the macroverse instead of the microverse of code and hardware.

It’s all in the wetware man.

Human Nature, It’s Anathema To Security

Human nature… What a many splendored thing huh? It gives us so much latitude as a species to be dominant on this planet and yet, we still seem to be unable to overcome it and protect ourselves from its downside. Of course it isn’t just that our natures preclude us from attempting to secure things today, it’s also that we are using technologies that we built, us, fallible beings who tend to code in error and without foresight into how it could be abused. On that note, the abuse of the code itself is also human nature, we are always pushing the bounds trying to outdo others or just test the bounds of our realities so, it’s a natural progression really. Of course then there is also criminality, and the darker tendencies that we all have… We are just a pile of trouble aren’t we?

On the other hand, there is also the tendency for laziness today that we all have, whether that be intellectual or other slothly behaviors that can be and often times, are the cause for security failures. It is laziness in coding and a desire to work faster and maximize profits for example, that lead many people down the path of sloppy code and massive vulnerabilities therein. Couple this with the need for speed that today’s work environment (time is money calculations aside) demands, and we have the mix for epic failure much of the time. Oh, and lest we forget hubris, like that of Microsoft, coming so late to the security game in their coding and testing of operating systems, that, in effect are the most frequently vulnerable as well as the biggest target from user base perspectives.

Oh, and there are also the basics of human nature such as being helpful, or other more base desires that often are the unraveling of security measures. You can have all the defenses in the world, but all it takes is one person saying “Gee! Look! A USB stick in the parking lot! ITS ALL MINE!!! I MUST PLUG IT IN NOW!” How often have you pentesters out there reading this used that very exploit? Over and Over and Over again and had success each time. How many of us have had the door held for us even when we don’t have a badge? Yeah, I know, many have and though have been warned on the perils of doing so, still do it out of instinct or perhaps social programming.

It’s human nature that is the undoing of the best laid plans of mice and men…

What I am getting at is a simple truth, we are the problem. If we aren’t creating the poorly coded software, then we are the ones opening the gates to the Hun horde, or worse, we are in fact that Hun horde and are exploiting those weaknesses for our own gains (whether it be nation state, pentester as a job, or criminal to make a buck) it’s all driven by our nature.

HUMINT and The Push Of Social Media

So enters the era of “Social Media” and wow, we are a social animal aren’t we? We have Facebook, where we seemingly just expose all of our foibles, secrets, and other trivia daily, no, wait, by the second, every day. Who knew we would be so in need of telling everyone (not to mention showing everyone screen shots of our meals) about every little thing we do? Our location at that time, or perhaps that little Timmy took his first solid dump. *shudder* It’s little wonder that you see how much the government is interested in our “social” data huh? We are so willing to just give it up without a thought to it.

It’s our nature I guess… Tribes around a digital fire now…

Back to social media and HUMINT though, you see, this is the next wave. Since everyone wants to communicate on the Internet, then it’s easier to communicate with everyone and everyone in a way that, as we have seen, allows for a lot of data gathering, and manipulation. See, now we have the infrastructure populated, we will now use it, subvert it, for goals other than just befriending someone. Hell, we now have bots that do it for us right? How do you know that that person you are talking to on Twitter is a person or a heuristically adept bot? Give it some pause…

Think about the potentials here for every kind of abuse or manipulation. Anything from online advertising using Turing bots to intelligence agencies and others gathering data on you all for whatever purpose serves their needs, and you, you are the commodity.. The “asset”. So, yes, as the technologies advance and the human nature side of things continues to allow for strides in security as well as the inevitable setbacks, you, will become the ultimate target of the easy score for data that could lead to compromise. After all, what do you think the real persistent threats rely on? Human nature, our nature and proclivities for social interaction, which, really, is what the Internet is all about huh?

Now, as you go to post on Facebook about your last meal.. Ponder this…

So, How Do We Remediate All of This?

Is remediation possible? Can we change the vagaries of human nature to the point where we can actually not only secure systems adeptly, but also secure the end users to disallow the lowest of the low hanging fruit? Can we get coding initiatives that work and for God’s sake, come up with non Turing complete machines and code? One wonders if it is ever really a possibility, and frankly, the sense I get of things lately in the security community is no. We will never win the battle, the war will rage on forever and at least we will have jobs, but, we must get used to failure in the grander scheme of things.

Once again, human nature is the arbiter here and, well, we are human aren’t we? I guess the answer is no, we will never be able to remediate it all. As we move forward with an uncertain digital world, one where we have put all our eggs in one digital basket (yes, power, light, water, control) we all must look at the nature of it all and ponder what have we done to ourselves here? Has our nature and a propensity for laxity in thought and deed placed us in greater jeopardy? Will we ever learn from the things we have seen already and try to remedy the situations? Or will we just go on blithely until such time as there is an epic failure that causes us pain?

This is not to say it will happen, nor that I believe it will be as epic as some on Capitol Hill would have you think, nor those in the shadows selling them the digital snake oil in the first place. What I see though is that unless we get smarter and try to manage our natures here, some will end up exploiting them to our collective detriment. Whether it be the laws around our privacy, or lack thereof, or the connecting of systems upon systems that, should one fail in a cascade, we really could have a problem, we all have to take a step back and look in the mirror.

We are the problem.

K.


The people behind the Flame malware network appear to have responded to recent publicity by sending out a command that has caused it to self-destruct. Some of the command-and-control servers in Flame's infrastructure sent out a file that is essentially a Flame uninstaller, which also overwrites the disk with random characters to help disguise its footprint.


After President Obama’s news conference Friday morning, a Fox News panel, including Pulitzer Prize-winning columnist Charles Krauthammer, took a moment to analyze one of the most talked-about portions of the presser: the president’s reaction to being asked about whether members of his administration were leaking classified information to help his reelection bid.

“The notion that my White House would purposely release classified national security information is offensive,” the president said.

Krauthammer believes the president’s response was a misstep.

“I think he’ll regret having made this statement the same way he’ll regret the idea about the private sector doing okay,” said the columnist.

Watch Krauthammer’s analysis at the 2:33 mark (via Fox News):

He continued:

If it is offensive, the idea that it would’ve been leaked, when we know that in the report itself it included White House officials, then let him prove it by having a special counsel appointed. From what you said, they would’ve said ‘appoint a special counsel’ (had it been the equivalent of a “Scooter” Libby investigation).

So what does Krauthammer think is the next step in this growing story?

Last week the Wall Street Journal reported that the FBI opened an investigation into the source of recently leaked information regarding covert operations conducted by the U.S. government.

Now Attorney General Eric Holder has appointed two federal prosecutors to lead the investigation into leaks concerning the government's use of a sophisticated cyber weapon known as Stuxnet and a foiled attack by al Qaeda in the Arabian Peninsula.

“These two highly-respected and experienced prosecutors will be directing separate investigations currently being conducted by the FBI. I have every confidence in their abilities to doggedly follow the facts and the evidence in the pursuit of justice, wherever it leads,” Holder said.

Previously, FBI Director Robert Mueller had announced an investigation into the leaking of information surrounding the disruption of a planned attack using a bomb concealed in undergarments.

With the appointment of special investigators by Holder, the probe has widened to include the disclosure of the development of the Stuxnet virus, which infected systems that provided operations control for Iranian production networks, and was most likely produced to stifle Iran's nuclear weapons program.

“Leaks such as this threaten ongoing operations, puts at risk the lives of sources, makes it much more difficult to recruit sources, and damages our relationships with our foreign partners.” Mueller said last month.

Stuxnet, which emerged in 2010, targeted Siemens Programmable Logic Controllers (PLCs) and is thought to have caused severe damage to equipment at Iranian uranium enrichment facilities, setting back the nation's weapons program by as much as several years.

Stuxnet is largely considered to be a game changer in the world of information security, as the infection did not merely cause problems with the tainted systems, but actually effected kinetic damage on the equipment those systems controlled.

The leaked information about the development of the Stuxnet virus was revealed in an article by New York Times' writer David Sanger, which prompted Holder's move to appoint special investigators.

“Leaks such as this have … a huge impact on our ability to do our business, not just on a particular source and the threat to the particular source, but your ability to recruit sources is severely hampered,” Mueller said.

“In cases such as this, the relationship with your counterparts overseas are damaged and which means that an inhibition in the willingness of others to share information with us where they don’t think that information will remain secure. So it also has some long-term effects, which is why it is so important to make certain that the persons who are responsible for the leak are brought to justice," Mueller maintains.

Senator John McCain of Arizona suggested that the leaks may have been intentional on the part of the White House in "an attempt to further the president's political ambitions for the sake of his re-election at the expense of our national security."

White House spokesman Josh Earnest rebutted the speculation, stating "It's classified for a reason, because publicizing that information would pose a significant threat to national security."

President Obama also denied there was an intentional leak emanating from the White House, stating that “the notion that my White House would purposefully release classified national security information is offensive. It’s wrong."

The investigation could result in multiple subpoenas, including those directed at White House officials and Times reporter Sanger.

“[The reporters] are going to fight you tooth and nail but, eventually … you can actually subpoena them - but there are strict guidelines," said former federal prosecutor Peter Zeidenberg.


If this is the case, we might begin looking for evidence of more code from Operation Olympic Games floating around in cyberspace. Flame provides a framework for future warfare in cyberspace, as proposed by the eScan blog here: http://blog.escanav.com/2012/05/31/flame/

It does not appear that Flame is used to feed information to Stuxnet, so for what is the information obtained by Flame used?

Ah, that is the $64,000 question. There appear, therefore, to be other programs floating around using the information obtained by Flame. We know the information obtained by Flame comes from systems connected to the internet, so offline facilities, such as Natanz, should not provide any information.

I can speak only for the US, where the vast majority of military equipment is not connected to the internet; it is on separate networks. I am assuming Iranian systems are the same. This leaves critical infrastructure, such as electrical facilities, power sources, transportation and such, all of which can have military applications.

As I am careful to state, time and again, the targets must be used solely by the military to comply with the Laws of Armed Conflict. From experience we have seen that Iran might not apply their targeting criteria so studiously, especially when they have proclaimed their nuclear program is entirely for civilian use.

When targeting electrical systems that supply power to the military, it is difficult to avoid civilian bleedover. It will be interesting to observe what the Iranians will target.


TOP OF THE NEWS

--US Senators Draft Proposed Cybersecurity Bill Compromise
(June 7, 2012)
US Senators Sheldon Whitehouse (D-Rhode Island) and Jon Kyl (R-Arizona) are circulating a draft proposal for a cybersecurity bill that aims at satisfying legislators on both sides of the aisle. Democrats support legislation that would impose mandatory cybersecurity standards on systems that are part of the country's critical infrastructure, while Republicans support legislation that encourages threat information sharing but does not compel the utility companies to comply with requirements. The draft legislation treads a middle ground, offering incentives for companies that meet established "baseline performance goals" of cybersecurity. The incentives would include liability protections, edges in acquiring government funding, and technical cybersecurity assistance.
http://thehill.com/blogs/hillicon-valley/technology/231601-senators-float-compromise-on-cybersecurity-mandates-


Anonymous, a loosely organized group of hackers that has targeted big businesses and governments, could be co-opted by nation states and terrorist groups that want to use it for their own ends, cybersecurity experts said May 17.

Anonymous reportedly has some 50,000 members. It is generally believed to not have a central leadership. That leaves it open for infiltration by hackers affiliated with nations such as China, Russia or Iran. They could surreptitiously use or manipulate the organization to carry out attacks on their behalf, said Lewis Shepherd, director of the Microsoft Institute for Advanced Technology in Governments.

"There is evidence of this, but it is classified," Shepherd said at the Counter Terror Expo in Washington, D.C. Al-Qaida in its literature has also expressed interest in using the group, he added.

Anonymous has been called everything from hacktivists to terrorists, and has attacked governments of all types. The group is also well known for going after child pornographers. On Tuesday, it was reported in the Indian press that Anonymous was suspected of taking down the nation's Supreme Court website after the Indian government announced some new Internet policies. About three dozen of its members have been arrested.

There is precedent for such groups being infiltrated, Shepherd said. The Soviet Union and China in the 1950s and 1960s were adept at infiltrating and sometimes taking over homegrown national liberation movements in developing nations and using them in their global rivalry against the West.

"They didn't always have complete control of the operations of these national liberation movements, but strategically they were certainly able to exploit their activities," he said.

The degree of state-sponsored influence or guidance in Anonymous' ranks is unknown, and hasn't received a lot of attention yet, he added. Companies that find themselves the target of Anonymous should take responsibility for protecting their own data, he said. But stopping a nation state from an attack is something different. In that case, there has to be a close partnership between industry and government.

David J. Smith, director of the Potomac Institute Cyber Center, said Anonymous' greatest strength is also its greatest weakness: it is leaderless, it is amorphous and nobody knows who they are.

"If somebody decides they are going to be Anonymous, they are anonymous. So you could get Russians, Chinese, Iranians. You could start getting a nation-state threat, or ... an Al-Qaida getting into the business of masquerading, literally, as Anonymous," Smith said. "I think that is something we really need to take a look at."


There could be a day when the United States decides to retaliate in cyberspace for a computer-based attack on its networks or infrastructure.

Normally, two nations at war would garner 24-hour news coverage, boldface headlines and Pentagon briefings. But this would be a conflict waged with “ones” and “zeros” across computer networks. The damage may be unseen, and even “fixed” within a few short hours. The public may not even realize that it’s occurring.

It’s fashionable to use the same lexicons and to make comparisons, but cyberwar is nothing like real “kinetic” war, said Martin C. Libicki, a researcher and author of a new Rand Corp. book, Cyberdeterrence and Cyberwar, which takes an in-depth look at what would have to occur for two state actors to engage in such a conflict. (Correction: The book was initially published in 2009).

“Cyberwar is not simply kinetic war in another dimension. It’s got a different set of rules, a different set of parameters, a different set of questions, a different set of answers,” he said at a Capitol Hill briefing Feb. 22.

That’s one reason why a cyberwar could play out unseen by most people. The shutting down of electrical grids would be noticed, but the manipulation of data on other systems may not immediately come to light. It took one full year for Iranian scientists to realize that the software had been compromised by the Stuxnet virus, Libicki noted.

There have only been four known acts of cyberwar, Libicki said. The denial of service attacks on Estonia in 2007 and on Georgia during its war with Russia in 2008, an Israeli attack on Syrian air defense radars in 2007, and the Stuxnet virus that was aimed at damaging Iranian centrifuges associated with its nuclear energy program.

Cyberattacks cannot be confused with cyberespionage, he noted. Nations do not go to war over spying, he said. The book examines large-scale, tit-for-tat cyber-assaults between two nations. It does not ponder the implications of an attack by terrorists because there are few opportunities for retaliation. If al-Qaida were to shut down a U.S. electrical grid, the United States could not respond in kind because the group has no infrastructure, he said.

Libicki also does not address tactical actions, or what he calls an “operational cyberwar” during a real-world conflict where an adversary may try to take down networked-enabled systems to gain an advantage on the battlefield. “In the context of a physical war, that makes a certain amount of sense,” he said.

Attribution is one of the keys to retaliating against a cyberattack, he noted. It is also one of the hardest aspects. It is difficult to know who is attacking a network. Once the identity of the attackers is verified, and if they are indeed a nation-state, then the United States must decide if retaliation is necessary.

In the event of a cyberwar, there is unlikely to be long-term damage. An attack or counter-attack can only occur if there is a vulnerability in a computer system. Vulnerabilities can be patched up quickly, or traffic can be rerouted away from the system — in most cases within hours and days. In regular warfare, the ability to hit the same target several times, known as “serial reapplication,” is a part of warfare and can be a deterrent. But once a counter-attack occurs, it tips the adversary off and subsequent attacks may not be as effective, he said.

Battle damage assessment is hard to determine. The decision to launch a counter-attack may hinge on knowing how much harm to the opponent’s system could be inflicted. That is difficult to assess, he added.

“Are the effects obvious to the public?” is a question that needs to be asked. “If the effects are not obvious to the public, you don’t lose public face by not retaliating,” he said. However, the United States could launch a counter-attack in ways that are not obvious to the opponent’s public. There needs to be a message conveyed to the leadership “about the lack of wisdom in attacking the United States in cyberspace.”

Another reason why the public may not be informed of a cyberwar is the risk that a third party could insert itself into the conflict. If the United States and China were engaged in such a war, for example, a hacker — someone sitting on a couch in a basement somewhere — or a third nation interested in seeing a prolonged conflict, could surreptitiously launch computer assaults and escalate the war.

“An exchange of cyber-attacks between states may also excite the general interest of superpatriot hackers or those who like to dogpile — particularly if the victim of the attack or the victim of retaliation, or both, are unpopular in certain circles,” Libicki wrote in the book, which was commissioned by the Air Force. The two adversaries may blame each other for the attacks, and not be aware that they are being manipulated.

A cyberwar that flies under the radar of the general public is possible, but unlikely, simply because these incidents tend to bubble to the surface despite the best efforts of the government, he said.

“There is a tendency in some communities to believe that every thing they do is covert, and no one is ever going to hear about it, and then mistakes get made,” he said.

Deterrence worked well in the nuclear age. The Soviet Union and the United States never engaged in a nuclear conflict. “The best defense is a good offense,” is one of the axioms U.S. leadership has said about thwarting a large-scale cyber-attack. So how good is the United States? Its cyber-offense capabilities have been largely kept out of the public eye. Libicki didn’t want to reveal much in a nonclassified setting, saying only that, “We’re really good. ... In fact, I think we’re better than anybody else. We’re also very professional about this. The state of our tradecraft is very good.”

A cyberwar is not something that keeps Libicki up at night. Like nuclear war, it is a low probability, high-consequence scenario. The number of potential adversaries that have the ability to carry out such an attack, as well as the desire to pull the trigger and risk the ire of the United States, are few, he noted.

“This is one of these cases where you have to look at defense and offense and somehow come up with a happy medium,” he said. Shoring up defenses in the nation’s electrical grids would be a good place to start, he noted. But to not have a good offense would result in “a hollow deterrence policy,” he noted.


Forgive me the moment of Captain Obvious but "It is difficult to know who is attacking a network. Once the identity of the attackers is verified, and if they are indeed a nation-state, then the (attacked state) must decide if retaliation is necessary."

So, thanks to Pravda on the Hudson working in conjunction with CiC Obama and his inner circle, the Iranians now have confirmation Stuxnet was us AND they have been publicly humiliated.